We used to have the flag 'Enable domain's SMTP auth setting for local deliveries' set OFF.
To improve security and anti-spam defenses we set it ON.
We have situations as a hosting company whereby we send mail from one of our webservers and relay through the mail server to ensure it has the right headers etc and to avoid vulnerabilities on the webservers. For example, in a WordPress site we have SMTP settings where we set up our mail server FQDN, user name and password for an email account we are going to use to send the mail, for example, for an order acknowledgement and port number. There are various methods depending on the platform but they all require to be authenticated through our mail server. All work fine with the flag ON.
However, we have customers who do not host their sites with us, but only email. We tell them how to configure mail to be relayed through our server.
Since changing the setting to ON for 'Enable domain's SMTP auth setting for local deliveries' two customers are getting 'authentication is required for relay' bounces and the same in the logs. One of these customers uses a CCTV camera system which sends an email with a photo every time somebody walks in the building. They read out to me the settings in the software that does this and it seems perfect. They send an email from firstname.lastname@example.org to email@example.com I don't know if that is part of the problem but we have tried scripts that replicate that and it works fine for us.
The other customer does exactly as we do: they have an e-commerce site that sends order acknowledgments etc. relayed through our server and, supposedly, authenticated. I say 'supposedly' because this customer uses a 3rd party hosted service and they are very secretive about the settings they use. So I am dangerously assuming that they are configured correctly.
Now, as I have not personally seen either configuration for myself it could be both are misconfigured. But I am wondering if anyone has had a similar situation where this can happen if the flag mentioned is set to 'ON" and there are circumstances other than plain authentication misconfiguration that could cause it?